AWS Security Blog
Tag: Containers
Manage authorization within a containerized workload using HAQM Verified Permissions
Containerization offers organizations significant benefits such as portability, scalability, and efficient resource utilization. However, managing access control and authorization for containerized workloads across diverse environments—from on-premises to multi-cloud setups—can be challenging. This blog post explores four architectural patterns that use HAQM Verified Permissions for application authorization in Kubernetes environments. Verified Permissions is a scalable permissions management and fine-grained […]
Making sense of secrets management on HAQM EKS for regulated institutions
HAQM Web Services (AWS) customers operating in a regulated industry, such as the financial services industry (FSI) or healthcare, are required to meet their regulatory and compliance obligations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Insurance Portability and Accountability Act (HIPAA). AWS offers regulated customers tools, guidance, and third-party audit reports […]
How to create a pipeline for hardening HAQM EKS nodes and automate updates
July 16, 2024: We updated the code in this post and some of the CloudFormation parameters. HAQM Elastic Kubernetes Service (HAQM EKS) offers a powerful, Kubernetes-certified service to build, secure, operate, and maintain Kubernetes clusters on HAQM Web Services (AWS). It integrates seamlessly with key AWS services such as HAQM CloudWatch, HAQM EC2 Auto Scaling, […]
How to use AWS Secrets Manager and ABAC for enhanced secrets management in HAQM EKS
In this post, we show you how to apply attribute-based access control (ABAC) while you store and manage your HAQM Elastic Kubernetes Services (HAQM EKS) workload secrets in AWS Secrets Manager, and then retrieve them by integrating Secrets Manager with HAQM EKS using External Secrets Operator to define more fine-grained and dynamic AWS Identity and […]
Best Practices to help secure your container image build pipeline by using AWS Signer
AWS Signer is a fully managed code-signing service to help ensure the trust and integrity of your code. It helps you verify that the code comes from a trusted source and that an unauthorized party has not accessed it. AWS Signer manages code signing certificates and public and private keys, which can reduce the overhead […]
How to run AWS CloudHSM workloads in container environments
January 25, 2023: We updated this post to reflect the fact that CloudHSM SDK3 does not support serverless environments and we strongly recommend deploying SDK5. AWS CloudHSM provides hardware security modules (HSMs) in the AWS Cloud. With CloudHSM, you can generate and use your own encryption keys in the AWS Cloud, and manage your keys […]
How to investigate and take action on security issues in HAQM EKS clusters with HAQM Detective – Part 2
March 15, 2023: We’ve updated this post to incorporate a section on investigating VPC flow logs. In part 1 of this two-part series, How to detect security issues in HAQM EKS clusters using HAQM GuardDuty, we walked through a real-world observed security issue in an HAQM Elastic Kubernetes Service (HAQM EKS) cluster and […]
How to detect security issues in HAQM EKS clusters using HAQM GuardDuty – Part 1
In this two-part blog post, we’ll discuss how to detect and investigate security issues in an HAQM Elastic Kubernetes Service (HAQM EKS) cluster with HAQM GuardDuty and HAQM Detective. HAQM Elastic Kubernetes Service (HAQM EKS) is a managed service that you can use to run and scale container workloads by using Kubernetes in the AWS […]
Use HAQM Inspector to manage your build and deploy pipelines for containerized applications
HAQM Inspector is an automated vulnerability management service that continually scans HAQM Web Services (AWS) workloads for software vulnerabilities and unintended network exposure. HAQM Inspector currently supports vulnerability reporting for HAQM Elastic Compute Cloud (HAQM EC2) instances and container images stored in HAQM Elastic Container Registry (HAQM ECR). With the emergence of Docker in 2013, […]
How to use new HAQM GuardDuty EKS Protection findings
If you run container workloads that use HAQM Elastic Kubernetes Service (HAQM EKS), HAQM GuardDuty now has added support that will help you better protect these workloads from potential threats. HAQM GuardDuty EKS Protection can help detect threats related to user and application activity that is captured in Kubernetes audit logs. Newly-added Kubernetes threat detections […]